flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > [IDEA] Emulator for x86-64

Author
Thread Post new topic Reply to topic
Hicel



Joined: 09 Sep 2004
Posts: 55
Hicel 28 Feb 2008, 03:09
I just came up with an idea after thinking about what can I develop next.
What do you think about an Emulator running on an 32-Bit machine emulating 64-Bit PE-Executables? Do you think this is a good idea and does such a thing already exists?

Before you say it is impossible think about it. The only thing that would be impossible is when 64Bit values are passed to extern 32-API that are greater than 32-bit Values. If they are not bigger you could send the fastcall through a translation layer making a stdcall to the win32-api. All inner routines could be just emulated that would be no problem.

I just started and made a PE-Analyzer checking for Machine and PE+ Format and loading the sections.

What do you think about it?
Post 28 Feb 2008, 03:09
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20343
Location: In your JS exploiting you and your system
revolution 28 Feb 2008, 04:21
There is Bochs. IIRC It does either 64bit emulation or is planned. It is free and open source.
Post 28 Feb 2008, 04:21
View user's profile Send private message Visit poster's website Reply with quote
Hicel



Joined: 09 Sep 2004
Posts: 55
Hicel 28 Feb 2008, 05:33
I know BOCHS but it emulates the whole machine and OS. I more meant just to Emulate the PE64 .exe on the current 32-Bit Windows system.
Post 28 Feb 2008, 05:33
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20343
Location: In your JS exploiting you and your system
revolution 28 Feb 2008, 06:23
An app written for 64bit will also expect to find a 64bit OS. So it would seem to make sense to emulate the OS also. And a 64bit OS would expect to find a 64bit processor. So it would seem to make sense to emulate the 64bit CPU also. a 64bit CPU would expect to find itself running on dedicated hardware designed for it. So it would seem to make sense to emulate the hardware also. That it why we see software like BOCHS, to do it any differently would be extremely difficult.
Post 28 Feb 2008, 06:23
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 28 Feb 2008, 07:04
Hicel: that would require tremedous effort to translate all 32bit system structures to 64bit ones. i'd say this is "too ambitious" project.
Post 28 Feb 2008, 07:04
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 28 Feb 2008, 12:09
Too bothersome a project with too little gain, imho. Emulating/fixing the code itself probably isn't that bad a task (but still a lot of work). As vid says, though, you'd have a hell of a lot of work making API conversion thunks...
Post 28 Feb 2008, 12:09
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4335
Location: Now
edfed 28 Feb 2008, 12:19
Quote:

An app written for 64bit will also expect to find a 64bit OS. So it would seem to make sense to emulate the OS also. And a 64bit OS would expect to find a 64bit processor. So it would seem to make sense to emulate the 64bit CPU also. a 64bit CPU would expect to find itself running on dedicated hardware designed for it. So it would seem to make sense to emulate the hardware also. That it why we see software like BOCHS, to do it any differently would be extremely difficult.

looks like the Tomb Raider's quests, find the item to find another item to find the key to open the door that hide an item that permit to finish the current level
Laughing
Quote:
Hicel: that would require tremedous effort to translate all 32bit system structures to 64bit ones. i'd say this is "too ambitious" project.

yep, the first thing to do is to code an emulator for very little µP, like 6809, if you can make it, then you can have the ambition to make it for a 8086, and then, you can try to make it for 386
and so on.
step by step.

bosch just emulate a X86 platform, it is to you to install an os in a drive image and execute it with bosch.
bosch cannot be a very good reference in emulation as it is very very slow.
it takes more time on my machines to boot bosch on a floppy image than to reboot the computer, try the floppy, and restart windows.

the problem with emulators is that the best one is VIRTUAL PC, the M$ one, as they are the owner of the OS, it's normal. but it works only on XP based machines. impossible for win98 Sad
a good idea is to make a faster emulator for x86-32 than bosch.
Post 28 Feb 2008, 12:19
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 28 Feb 2008, 12:40
Keep in mind that bochs emulate, VirtualPC and VmWare translate... which is why they run a lot faster than pure emulation. Note that bochs appearantly got a lot faster in the most recent version. There's also QEMU which can do either pure emulation or some translation as well.

PS: bochs, not bosch.
Post 28 Feb 2008, 12:40
View user's profile Send private message Visit poster's website Reply with quote
Hicel



Joined: 09 Sep 2004
Posts: 55
Hicel 28 Feb 2008, 13:42
Yes. I see the point. It would be too much to complain on the OS side. But I still have two ideas in my mind.

1. What about interactive code emulation or something. I mean like in Olly you can follow API calls and get the code until ret. So you would emulate the PE64 and if a call to an API function let's say MessageBox is made the following code till ret is cut out and somehow also emulated and translated to emulated 64-Bit

2. Idea is translating all 64-Bit stuff in the PE to 32-Bit machine code also variables registers.. calls etc. This way you would not need to complain about the api except the fastcall2stdcall conversion. (But this way you would loose data because if 64-bit is fully used 32-bit cannot represent the data values that are greater than a dword)

Hmm It all seemed easier in my mind before you all came up with these problems Laughing
Post 28 Feb 2008, 13:42
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 28 Feb 2008, 13:59
neither of these would work

1. tracing 32bit code doesn't in any way make it able to work with different 64bit structures

2. this doesn't solve structures too
Post 28 Feb 2008, 13:59
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Hicel



Joined: 09 Sep 2004
Posts: 55
Hicel 28 Feb 2008, 14:17
Ok I give up. Smile
Post 28 Feb 2008, 14:17
View user's profile Send private message Reply with quote
itsnobody



Joined: 01 Feb 2008
Posts: 93
Location: Silver Spring, MD
itsnobody 28 Feb 2008, 21:05
Hmm....

How about instead of an Emulator or Interpreter you just make something that converts the 64-bit EXEs files into 32-bit EXEs....this seems easier, and it would be a lot faster ,the same as machine code
Post 28 Feb 2008, 21:05
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Feb 2008, 00:22
itsnobody wrote:
Hmm....

How about instead of an Emulator or Interpreter you just make something that converts the 64-bit EXEs files into 32-bit EXEs....this seems easier, and it would be a lot faster ,the same as machine code


First you'll have to write a disassembler that's at least as good as IDA - and then there's the translation down to 32-bit code, which takes quite some work as well (fewer & narrower registers, different calling conventions, different pointer sizes, ...). This isn't going to be easier than the "simple" emulation layer proposed easier, and requires not just 64->32 stuff but also knowledge about the entire windows API.

_________________
Image - carpe noctem
Post 29 Feb 2008, 00:22
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4335
Location: Now
edfed 29 Feb 2008, 00:30
Quote:

knowledge about the entire windows API.

assuming it's for windows... Wink
Post 29 Feb 2008, 00:30
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Feb 2008, 00:36
edfed wrote:
Quote:

knowledge about the entire windows API.

assuming it's for windows... Wink
That was pretty much implied from the first post of the thread... but could of course be generalized to "full knowledge of the API(s) of the operating system(s) you want to support".

_________________
Image - carpe noctem
Post 29 Feb 2008, 00:36
View user's profile Send private message Visit poster's website Reply with quote
Hicel



Joined: 09 Sep 2004
Posts: 55
Hicel 29 Feb 2008, 01:35
itsnobody wrote:
Hmm....

How about instead of an Emulator or Interpreter you just make something that converts the 64-bit EXEs files into 32-bit EXEs....this seems easier, and it would be a lot faster ,the same as machine code


Thats what I meaned by:

Quote:
2. Idea is translating all 64-Bit stuff in the PE to 32-Bit machine code also variables registers.. calls etc. This way you would not need to complain about the api except the fastcall2stdcall conversion. (But this way you would loose data because if 64-bit is fully used 32-bit cannot represent the data values that are greater than a dword)


I don't know if it would work but its like f0dder said.. It is a lot of work. Well I will try this way starting with the PE64 Hello World from fasm examples. Then I can decide going further or not. I'll let you all know Smile

Regards
Post 29 Feb 2008, 01:35
View user's profile Send private message Reply with quote
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen 29 Feb 2008, 08:00
Hicel, even in the 32-bit world, it is very difficult to disassemble a middle-sized application and reassemble it back with keeping the original functionality along. A hello-world like app is doable, but nobody cares about reassembling such a small app.

And if you add the translation, it would be even more difficult.

However, go ahead and try it, you can learn many new things even if you won't make it usable.
Post 29 Feb 2008, 08:00
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.